Post-COVID, the country’sscaleofimproveddigital savviness has apparently outpaced cyber alertness and corporate cybersecurity vigilance
In India, consumers browsing through major online retailers’ festive season sales have complained that they had received notification that their credit card had been charged for purchases they never made.
Cybercriminals had somehow stolen consumer data from the e-commerce websites or via phishing methods in order to make fraudulent purchases.
How could this have been prevented? Rakesh Raghuvanshi, founder and CEO, Sekel Tech, explained the intricacies of cybersecurity and culture in the country.
CybersecAsia: What contributed to the online retailers’ vulnerability to cyberattacks?
Rakesh Raghuvanshi (RR): During festive seasons in the country, the influx of shoppers puts immense pressure on e-commerce organizations, as they scramble to handle vast amounts of user data, increasing the risk of system overloads and making it challenging to safeguard sensitive information.
Also, as people rush to take advantage of festive sales and promotions, they often let their guard down, creating an ideal environment for cybercriminals to exploit. This surge in online activity and a lowering of cyber alertness levels exposes businesses, making them particularly vulnerable to data breaches and cyberattacks.
Topping the list of factors contributing to this risk is the sheer increase in online shopping during festivals. Techniques such as phishing and fake websites are used to lure unsuspecting shoppers into sharing sensitive personal and financial information. The seemingly fantastic deals offered through these platforms often blind consumers to the risks of online fraud and data theft.
CybersecAsia: What are the common cybersecurity mistakes made during festive shopping frenzies?
RR: Shoppers tend to be less careful during the festive rush. The excitement of finding the perfect bargain can cause individuals to skip reading the terms and conditions of websites, inadvertently agreeing to share more personal data than they otherwise would. Cybercriminals exploit this by embedding malicious links or requesting unnecessary permissions that lead to data leaks.
At the e-commerce end, festive seasons wear company resources thin. Employees can get distracted by the holiday spirit; the year-end workload; their own personal festive plans: this can make them slack in observing strict cybersecurity practices. Cybercriminals can then pounce on the opportunity to infiltrate company networks, particularly through employees working remotely on less secure devices.
Also, with more traffic during the festive season overwhelming IT staff, businesses may take longer to detect and respond to threats, giving hackers a wider window to exploit.
CybersecAsia: What are the cybercriminals doing right?
RR: While the festive season wears down cyber alertness, cybercriminals meanwhile are using social engineering techniques and taking advantage of holiday-themed phishing scams. These scams often involve fake discount offers, holiday greetings, or urgent notices designed to look authentic. Clicking on these links can lead to malware infections, putting both consumers and brands at risk.
For e-commerce organizations, the stakes involved are particularly high. A data breach not only results in the loss of critical customer information but also tarnishes its corporate reputation. Trust, once lost, is difficult to rebuild, and the costs associated with recovering from a data breach — including legal fees, compensation, and infrastructure repairs — can be astronomical.
CybersecAsia: What can consumers and e-commerce corporations do to break the cycle?
RR: It is critical that both e-commerce retailers and consumers stay vigilant.
Businesses must ensure their cybersecurity measures are up-to-date and robust, particularly during the festive season. Simple steps like strengthening firewalls, conducting regular security checks, and training employees to recognize potential threats can go a long way in preventing data leaks. They should consider using trusted third-party services that specialize in data protection and that are compliant with the country’s Digital Personal Data Protection Act to safeguard consumer data. This will ensure that they run advanced security tools and protocols designed to handle the surge in online traffic without compromising data security.
At the consumer level, being cautious of deals that seem too good to be true; avoiding sharing sensitive information on unsecured websites; and taking a moment to read through data privacy terms and conditions can help protect their personal data.
By taking proactive steps, both e-commerce firms and consumers can enjoy the festivities without falling prey to cybercriminals.
CybersecAsia thanks Rakesh Raghuvansh for sharing his professional insights with readers.
